DEA CSOS Pilot Conference Call October 31, 2002
Agenda
• Pilot Review: Pilot Organization and Scope
• Phase III Review
• Phase III Status
• Phase III: Accomplished Milestones
• Phase III: Team Status/Project Plans
• Phase III: Work in Progress/Current Issues
• Phase III: Test Planning
• Phase III: Suggested Test Scenarios
• Phase III: Sample Test Plan
• Phase III: Post Test Analysis
• Phase III: Schedule
• Phase III: Next Steps…
• Phase III: Questions…
Phase III Review: Development Options
• Option One: Work with vendor/existing infrastructure
  • Advantages:
    • Leverages existing infrastructure and tools – quicker time from test to implementation
    • ID gaps in current implementation
  • Disadvantages:
    • Availability of vendor software?
• Option Two: Develop own code to generate or receive/validate 850.
  • Advantages:
    • Some code available that can be “tweaked”
  • Disadvantages:
    • Not working with existing infrastructure – may not get good idea of implementation costs
• Option Three: Hybrid
Phase III Review: Development Approach
• Form trading teams (purchaser/supplier and, possibly, vendors)
• Select process areas to work with partner
• Team A: Purchaser:
  • Test Objective 1: Key Exchange Process
  • Test Objective 2: E-222 Generation Process
  • Test Objective 3: Transmission Process
  • Test Objective 6: Receiving Process
• Team B: Supplier:
  • Test Objective 4: E-222 Receipt Process
  • Test Objective 5: Order Validation Process
Phase III Status: Accomplished Milestones
• Milestones:
  • 850 Transaction Sets Worksheets
  • 850 committee decision on signature approach (external to orders vs. wrapped around orders)
  • Future Process Flow Draft
  • HDMA Survey to determine platforms planned and presently in use
  • Pilot participants established trading partnerships/roles for Phase III testing, developed “project plan” with intended processes.
• Work in Progress:
  • Develop signed transaction to test digital certificate/processes
Phase III Status: Work in Progress/Current Issues
• Work In Progress:
  • Development of application to test signed 850 transaction and selected processes.
• Issues:
  • Vendor software availability?
  • FIPS certification? Not necessary for pilot purposes.
  • Need time extension to complete development?
    • Development/Integration complete – 11/01
    • Industry Test Plan – 11/08
    • Testing complete – 12/13
  • Scale back on development plans to accommodate fewer processes?
• Send email to mleary@pec.com with estimated % of development complete and estimate of time extension needed.
Phase III: Test Planning
• Testing should focus on technology, process flows, and Anticipated Standards.
• Each team will select and develop their own tests, based on their available resources.
• After development, teams will submit a test plan identifying the factors and scenarios that they were able to test – and their results. Sue from Abbott has made available a sample test plan that you can add to/subtract from.
• Results will be compiled into a “Gap Analysis” and be used to determine technological limitations and development costs in terms of effort and adoption expectations.
Phase III Test Planning: Suggested Test Scenarios (1/4)
• Processes 2.0/3.0 Key Exchange/Trading Partner Setup Scenarios:
  • Certificate (or Cert S/N) is received by trading partner (supplier)?
  • Certificate is correctly imported into PKI application?
  • Received certificate is properly validated by supplier?
  • Supplier is able to compare the extension data with the company’s back-end database and store the certificate?
Phase III Test Planning: Suggested Test Scenarios (2/4)
• Process 4.0 Ordering Initiation/Transmission Scenarios:
  • Do the orders contain the elements required by DEA?
  • Is each process step being satisfied successfully?
  • Is signing activation controlled exclusively by the purchaser?
  • Can the purchaser sign an 850?
  • Is the desktop set up to employ a 10-minute inactivity timeout?
  • Is the system clearing the private key from system memory on exit?
  • Are signed orders being saved for archival?
  • Can the purchaser successfully transmit a signed 850 to a supplier?
  • Is the signing system time within 5 minutes of a trusted time source?
Phase III Test Planning: Suggested Test Scenarios (3/4)
• Process 5.0 Order Authentication Scenarios:
  • Is extension information in the certificate being validated (shipping, registrant information)?
  • Is the order integrity being checked (not modified since signed)?
  • Is each order being checked against a current CRL?
  • Is the received order being archived after validation?
• Process 6.0 Order Fulfillment Scenarios:
  • Line items in order validated against schedules in certificate?
  • Order information has been archived for CSOS?
Phase III Test Planning: Suggested Test Scenarios (4/4)
• Error-handling (exception processing) Scenarios:
  • Did the certificate pass the integrity check on the hash?
  • Subsequent retransmission of order upon failure of hash?
  • Does the system properly validate the certificate/order?
  • Are expired certificates rejected?
  • Are revoked certificates rejected?
  • Are orders for a substance not authorized on the certificate rejected?
  • If an order has been signed by an invalid CA, is it properly detected?
  • If transmission is interrupted, is the order rolled back?
• Test certificates have been created and are on the CSOS Pilot Web site to execute error-handling test scenarios.
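Added example (not part of the original slides or of any pilot participant's code): a supplier-side acceptance check that exercises the rejection scenarios above (expired, revoked, unauthorized substance schedule, untrusted CA) against constructed test certificates. The record layout, the CA name "Pilot Test CA", the serial numbers and the reason strings are assumptions; signature and chain verification are not modelled.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Cert:  # hypothetical record; not the actual CSOS certificate profile
    serial: str
    issuer: str
    not_before: datetime
    not_after: datetime
    schedules: frozenset  # schedules the holder may order (assumed extension data)

def validate_order(lines, cert, trusted_issuers, crl_serials, now):
    """Return rejection reasons for an order; an empty list means accept.

    lines: (item, schedule) pairs from the order. Signature and chain
    verification are out of scope; issuer trust is modelled as a name lookup.
    """
    reasons = []
    if cert.issuer not in trusted_issuers:
        reasons.append("untrusted-ca")
    if now < cert.not_before:
        reasons.append("not-yet-valid")
    if now > cert.not_after:
        reasons.append("expired")
    if cert.serial in crl_serials:
        reasons.append("revoked")
    for item, schedule in lines:
        if schedule not in cert.schedules:
            reasons.append(f"unauthorized-schedule:{item}")
    return reasons

# Constructed sample data standing in for the pilot's good and "bad" test certificates.
NOW = datetime(2002, 11, 8, 12, 0)
TRUSTED = {"Pilot Test CA"}
CRL = {"1003"}
GOOD = Cert("1001", "Pilot Test CA", datetime(2002, 1, 1), datetime(2003, 1, 1), frozenset({"2", "3"}))
EXPIRED = Cert("1002", "Pilot Test CA", datetime(2001, 1, 1), datetime(2002, 1, 1), frozenset({"2"}))
REVOKED = Cert("1003", "Pilot Test CA", datetime(2002, 1, 1), datetime(2003, 1, 1), frozenset({"2"}))
ROGUE = Cert("1004", "Unknown CA", datetime(2002, 1, 1), datetime(2003, 1, 1), frozenset({"2"}))

def run_scenarios():
    order = [("item-A", "2"), ("item-B", "4")]
    return {
        "good": validate_order(order[:1], GOOD, TRUSTED, CRL, NOW),
        "unauthorized": validate_order(order, GOOD, TRUSTED, CRL, NOW),
        "expired": validate_order(order[:1], EXPIRED, TRUSTED, CRL, NOW),
        "revoked": validate_order(order[:1], REVOKED, TRUSTED, CRL, NOW),
        "invalid-ca": validate_order(order[:1], ROGUE, TRUSTED, CRL, NOW),
    }

if __name__ == "__main__":
    for name, reasons in run_scenarios().items():
        print(f"{name:13} {'ACCEPT' if not reasons else 'REJECT ' + ', '.join(reasons)}")
```

Collecting every reason instead of stopping at the first one gives the test plan a complete record of why each "bad" certificate was refused.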
Phase III: Post-Test Analysis
• Completed test plan data to be compiled:
  • Anticipated Standards – determine impact to anticipated standards
  • Interoperability (working across platforms) – Gap analysis – what vendors will be “ready” to play by next October? FIPS-certified?
  • Cost – How much effort/resources will it take to modify/develop systems to be ready by October?
• Provide “lessons-learned” to industry hoping to engage in CSOS.
Phase III: Next Steps…
• All “Purchasers” need certificates – contact Margaret Leary at (703) 679-3086 if you do not have one.
• Vendors may use sample certificate on CSOS Web site (can be emailed to them by a participant).
• “Bad” test certificates placed on CSOS Web site for testing purposes.
• Begin Phase IV – Reporting planning – coordinate with ARCOS